The Parrot is Dead: Observing Unobservable Network Communication
DESCRIPTION
The Parrot is Dead: Observing Unobservable Network Communication. Amir Houmansadr, Chad Brubaker, Vitaly Shmatikov. Presented by Amruta Patwardhan. INTRODUCTION: the Internet is a big threat to repressive regimes; these regimes censor the Internet by IP filtering, DPI and DNS hijacking.
TRANSCRIPT
TapDance: End-to-Middle Anticensorship
without Flow Blocking
CS898AB Privacy Enhancing Technologies, Dr. Murtuza Jadliwala
Presented by Qasem Albasha
Content
• Indirect Scheme
• End-to-Middle Scheme
• Existing E2M Protocols
• Telex Scheme
• TapDance Scheme
• Performance
• Security Analysis
• Comparison
• Conclusion
Indirect Scheme
(diagram: the Client on its Local Network connects through the Firewall to an Indirect Server, which fetches Website.com on its behalf)
End-to-Middle Scheme
(diagram: the Client on its Local Network opens a connection through the Firewall to Decoy.com; the path crosses an Intermediate ISP, whose station redirects the flow to Blocked.com)
Existing E2M Protocols
There are three original publications on end-to-middle proxying:
• Telex: ECDH (public key point, hash of the ECDH shared secret)
• Decoy Routing: HMAC (shared secret key, current hour, per-hour number)
• Cirripede: ECDH (public key point, hash of the ECDH shared secret)
ECDH = Elliptic Curve Diffie-Hellman
Telex end-to-middle Scheme
(diagram)
Problems With Existing Protocols
• Inline blocking: the station has to sit in the forwarding path and divert the flow by dropping the client's packets, which is slow and operationally risky; most ISPs refuse to deploy it.
• Limited tag size, because the tag must fit in a covert field that is only a few bytes wide:
  – Telex, Decoy Routing: inside the TLS header (the client random of the ClientHello)
  – Cirripede: inside TCP initial sequence numbers (ISNs)
Security Analysis
Passive Attacks
• Chrome's cipher suite list (the client's TLS handshake should look like a common browser's)
• Cryptographic attack: the tag uses Curve25519, which is secure
• Forward secrecy: the ISP station generates many private keys ahead of time
• Packet timing and length
• Lack of server response
• The censor may disrupt the path between the client and the TapDance station; such false pickups may also happen intermittently (due to ISP station malfunction), and a client may then attempt to find new TapDance stations by probing many potential decoy servers with tagged TLS connections
• TCP/IP protocol fingerprinting
Active Attacks
• TLS attacks: the censor may issue fake TLS certificates from a certificate authority under its control and then target TLS sessions with a man-in-the-middle attack (unlikely)
• Packet injection
• Active defense
• Replay attacks: to protect against duplicated tags, the station can record previous tags and refuse to respond to a repeated tag
• Denial of service: the station can handle 1.2 Gbps of pure TLS application traffic
• Routing around the proxy
• Tunneling around the proxy
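The ECDH-style tag listed under Existing E2M Protocols (Telex and Cirripede: a public key point plus a hash of the ECDH shared secret) and the replay defence in the active-attack list above, worked through as an added Python example. This is not code from the TapDance paper or from the slides: the tag layout (a 32-byte X25519 point followed by 16 check bytes), the context string, and the idea that the station scans a fixed-size field of every TLS flow are assumptions made here for illustration, and the pure-Python X25519 is a readable reference implementation, not a constant-time one.

```python
import hashlib
import hmac
import os

# Pure-Python X25519 (RFC 7748 Montgomery ladder). Illustration only: this is
# not constant-time, so a real station would use a vetted library instead.
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

# Assumed tag layout (not the real Telex/TapDance encoding): a 32-byte ephemeral
# public point followed by 16 bytes of a keyed hash of the ECDH shared secret.
CHECK_LEN = 16
TAG_LEN = 32 + CHECK_LEN


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Scalar multiplication on Curve25519; returns the 32-byte u-coordinate."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keygen():
    """Return (private scalar, public point)."""
    sk = os.urandom(32)
    return sk, x25519(sk, BASEPOINT)


def _check_value(shared: bytes, point: bytes) -> bytes:
    # Binding the point into the MAC stops the check bytes of one tag being
    # grafted onto a different point. "e2m-tag|" is an assumed context label.
    return hmac.new(shared, b"e2m-tag|" + point, hashlib.sha256).digest()[:CHECK_LEN]


def make_tag(station_pub: bytes):
    """Client side: build the tag and the session secret it shares with the station."""
    client_sk, point = keygen()
    shared = x25519(client_sk, station_pub)
    return point + _check_value(shared, point), shared


class Station:
    """ISP-side tag detector with a replay cache of previously accepted points."""

    def __init__(self, sk: bytes):
        self.sk = sk
        self.pub = x25519(sk, BASEPOINT)
        self.seen = set()

    def inspect(self, field: bytes):
        """Return the shared secret if `field` carries a fresh, valid tag, else None."""
        if len(field) < TAG_LEN:
            return None
        point, check = field[:32], field[32:TAG_LEN]
        shared = x25519(self.sk, point)
        if shared == bytes(32):  # low-order point; RFC 7748 says to reject it
            return None
        if not hmac.compare_digest(check, _check_value(shared, point)):
            return None  # an ordinary, untagged TLS flow
        if point in self.seen:
            return None  # replayed tag: refuse to respond
        self.seen.add(point)
        return shared


if __name__ == "__main__":
    station = Station(os.urandom(32))
    tag, client_secret = make_tag(station.pub)
    print("tagged flow picked up:", station.inspect(tag) == client_secret)
    print("replayed tag refused:", station.inspect(tag) is None)
    print("random field ignored:", station.inspect(os.urandom(TAG_LEN)) is None)
```

Two things the slides' bullets hinge on show up directly here. An untagged flow passes the check with probability 2^-128, so the station can afford to try every flow without false pickups, and the replay cache keyed on the point is exactly the "record previous tags" defence. The limitation is also visible: a raw X25519 u-coordinate always has its top bit clear, so it is distinguishable from random bytes, and 48 tag bytes do not fit in a 32-byte client random at all, which is why Telex had to shrink its curve and why TapDance encodes its Curve25519 point with Elligator and carries the tag elsewhere in the flow.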
Conclusion
• Needs more work: still a prototype
• Fast: no inline blocking
• Vulnerable to some attacks